Ethos Public Vulnerability Disclosure Policy

The information in this section is intended for security researchers interested in reporting security vulnerabilities to the Ethos Information Security team.

Ethos strongly believes that collaboration with the security community is key to maintaining secure environments for our customers and staff. As such, if you believe you've discovered a security vulnerability on an Ethos information asset/application, we strongly encourage you to inform us as quickly as possible. We ask that such vulnerability reports be kept private while we are working to analyze and resolve the underlying issues before any necessary disclosures are made.

In return, we will work to review reports we receive and respond in a timely manner. Ethos will not seek law enforcement remedies against you for identifying security issues, so long as you abide by applicable law and Ethos policies regarding reports, including: taking no actions which would compromise the safety or privacy of our customers or company data and/or destroy any sensitive data you might have gathered from Ethos as part of your research once the issues you identified are resolved or at any time upon request from Ethos.

Thanks for your help!

We take privacy seriously. By using our site you agree to our privacy policy.